Data Backup Digest

Earlier last week there was an app on the Google Play store called ‘Sony Backup & Restore’. As the name suggests, the aim of this application was to store an additional copy of your data in a safe place on a microSD card, allowing users to restore from this should anything happy to the primary copy of their data. Or was it?

This app comes preinstalled on a lot of Sony phones and shouldn’t actually be available from the Google Play Store. Something fishy was afoot.

On Monday 17th November it was discovered on the Xperia support forums that the app was now managed by Nirak Patel Kanudo, with a description that was full of spelling mistakes and awful reviews. The description claimed that this app was now managed by the “HeArT HaCkEr Group”.

At the time of writing, the malicious app has now been pulled from the Google Play store.

It seems that this alternative version of the app was published on the Play Store and assigned the same internal signature as the official version from Sony. This is dangerous because it meant that those who had the app installed would have received a notification to update their application – except they weren’t updating, they were actually just installing this malicious version.

The situation gets even stickier because Sony users can’t uninstall the app because it comes preloaded on their system. Users were reporting that the app was failing to install on their phone, which is good news because the malicious version came with permissions such as “read your text messages”, “read your Web bookmarks and history” and “modify/delete SD card contents”.

For those alert users this would have rang alarm bells, but it’s not hard to imagine people trusting and updating the app because they assume it’s an official update from Sony. Nevertheless, it’s a good warning that you should always read the permissions of apps you are installing or updating to check that you’re happy with what you’re granting.

Sony posted a brief response on their forums in response to concerned users:

“Sony Mobile takes the security and privacy of customer data very seriously. We are currently investigating these reports. More information will follow as soon as we have fully assessed the situation.”

Some days later, Sony returned to their forums to offer a statement on what actually occurred:

“As the app mirrored our ‘Backup & Restore’ service naming structure, it appeared as downloaded on some products within Google Play’s “My Apps”, when in fact it wasn’t actually installed. We don’t provide ‘Backup & Restore’ on Google Play - it is pre-installed on Xperia devices, with all version and maintenance updates handled directly through our Update Centre. This application posed no risk to users, but has since been removed from Google Play.”

Users asked how this even happened in the first place and what Sony would be doing to prevent it happening in the future, but received no response at time of writing.